Update flash message for 2FA

app/controllers/auth/passwords_controller.rb

@@ -27,8 +27,32 @@ class Auth::PasswordsController < Devise::PasswordsController
     render "devise/passwords/reset_password"
   end
 
+  def update
+    self.resource = resource_class.reset_password_by_token(resource_params)
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      resource.unlock_access! if unlockable?(resource)
+      if Devise.sign_in_after_reset_password
+        set_flash_message!(:notice, password_update_flash_message)
+        resource.after_database_authentication
+        sign_in(resource_name, resource)
+      else
+        set_flash_message!(:notice, :updated_not_active)
+      end
+      respond_with resource, location: after_resetting_password_path_for(resource)
+    else
+      set_minimum_password_length
+      respond_with resource
+    end
+  end
+
 protected
 
+  def password_update_flash_message
+    resource_class == AdminUser ? :updated_2FA : :updated
+  end
+
   def resource_class_name
     resource_class.name.underscore
   end

config/locales/devise.en.yml

@@ -35,6 +35,7 @@ en:
       send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
       send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
       updated: "Your password has been changed successfully. You are now signed in."
+      updated_2FA: "Your password has been changed successfully. Your security code has been sent."
       updated_not_active: "Your password has been changed successfully."
     registrations:
       destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."